Job Ref: 174461 Location: Providence, RI 02903 Location Flexibility: Remote Category: IT Job Type: Full-time Job Status: Exempt Anticipated Closing Date: January 30, 2026 Pay Basis: Yearly Pay Range: $100,200.00 - $193,400.00 Annually (48.17 - 92.98 Hourly) Brand: UNFI
Job Overview
The Senior Cybersecurity Engineer Application Security role is responsible for protecting our organizations software applications and services from threats by embedding security practices into the software development lifecycle (SDLC). The role functions as part of the cybersecurity operations team and collaborates cross-functionally with Application Development, Threat Intelligence, Vulnerability Management, Threat Emulation, and Security Architecture teams to identify vulnerabilities, perform assessments, build secure applications, and promote a culture of security.
This position plays a critical role in safeguarding sensitive data, maintaining compliance, and reducing application-layer risk in cloud, web, mobile, and API environments. The role is expected to independently lead engagements from conception to completion, communicate technical details to partners and senior leadership, mentor junior staff, and provide technical direction to the program.
Job Responsibilities
• Conduct security-focused code reviews, static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), and interactive application security testing (IAST) • Triage and prioritize findings from automated security scans and penetration testing results, providing actionable remediation guidance to developers • Collaborate with software development teams to integrate security tools and best practices into CI-CD pipelines (e.g., secret scanning, dependency checking, secure coding standards) • Develop and maintain security tools, scripts, frameworks, and automation to scale application security efforts • Support vulnerability assessments, penetration testing, and red team exercises on applications • Provide security consulting and training to development teams on secure coding practices, common vulnerabilities (e.g., OWASP top 10), and emerging threats • Monitor emerging application security trends, vulnerabilities (e.g., CVEs), and attack techniques, contributing to incident response when application exploits occur • Ensure applications align with relevant standards and regulations (e.g., NIST, OWASP, PCI-DSS, SOC 2) • Create and update security documentation, policies, and threat models as needed • Compile and analyze data for management reporting and metrics as directed • Demonstrate expert-level knowledge and skills in the technical, process, organizational, and philosophical aspects of application security • Perform other duties as assigned
Job Requirements
Education: Certifications: • BABS in Computer or Cybersecurity domain • Relevant certifications such as OSCP, GWAPT, CSSLP, CEH, CISSP, or cloud security certs (e.g., AWS Security Specialty)
Experience: • 6 years of experience in application security, secure software development, penetration testing, or related cybersecurity roles in a large, highly diverse, and distributed environment • Strong understanding of web application vulnerabilities, OWASP top 10, and secure coding principles • Proficiency in at least one or more programming languages (e.g., Python, Java, JavaScript, C) • Hands-on experience with AppSec tools such as SAST, SNYK, Veracode, SonarQube, Checkmarx, CodeQL, DAST, SNYK, OWASP ZAP, Burp Suite, Veracode, SCA, Snyk, Dependabot, Black Duck, OWASP Dependency-Check, and other Wiz, GitHub, Advanced Security or similar • Familiarity with cloud platforms (AWS, Azure, GCP) and container orchestration technologies (Docker, Kubernetes) • Experience with DevSecOps practices and integrating security into CI-CD pipelines • Knowledge of secure SDLC methodologies, threat modeling (e.g., STRIDE, PASTA), and secure design patterns
Skills and Abilities:
• Excellent written, verbal, and interpersonal communication skills - able to explain technical security issues to non-technical stakeholders and collaborate effectively with developers • Analytical mindset with strong problem-solving abilities • Proactive, detail-oriented, and able to manage multiple priorities • Ability to translate technical findings into actionable insights • Ability to mentor junior staff and transfer technical knowledge, as well as contribute to the teams knowledge sharing • Strong independent direction and ability to multi-task • Flexible and adaptable to learning and understanding new technologies • Ability to work extremely well under pressure while maintaining a professional image and approach • Team player with proven ability to work effectively with other business units, IT management, and staff, vendors, and consultants • Exceptional information analysis abilities, able to perform independent analysis and distill relevant findings and root cause • Comfortable discussing complex findings and issues with various audiences, including C-suite level • Self-driven and able to reach deadlines on-time with minimal direction • Passion for cybersecurity and staying current with evolving threats
Work Environment
Remote Role
This position is classified as remote, where the associate will perform remote work from their primary residence. Remote associates are welcome to work from the office but are not required to do so. While remote associates are not required to work from an office on a regular basis, they may be required to come to the office or other UNFI locations for necessary business reasons or if directed to do so by their manager.
Physical Environment
Demands
• Office Roles: Most work is performed in a temperature-controlled office environment. • Incentive: Incentive to work from home or other remote locations. • Employee may sit for long periods of time at a desk or computer terminal. • Employee may use calculators, keyboards, telephones, and other office equipment during a normal workday. • Employee may stoop, bend, twist, and reach while completing job duties.
Company Information
United Natural Foods, Inc.
Compensation
UNFI anticipates paying the above-referenced pay rate or within the above-referenced pay range for this position. Actual Pay, where applicable, will depend on a number of factors, including but not limited to education, experience, training, and any requirements under applicable collective bargaining agreements.
Benefits
• Paid Time Off • Sick Time • Paid Holidays • Parental Leave • 401K Program or retirement savings plan (if in Canada) • Medical, dental, vision, life, and accidental death/dismemberment insurance • Flexible Spending Account and/or Health Savings Account (U.S. only, subject to meeting eligibility requirements and terms and conditions) • Sales Positions Only: The above range is an estimate of total potential commission-based compensation during an associates first year. UNFI offers an introductory period minimum of $680 per week. After the introductory period, as a 100% commission-based role, there is no set salary. UNFIs commission plans are uncapped, and average earnings vary depending on territory and sales achieved among other factors.
Disclaimer
UNFIs compensation benefits and paid time off policies are subject to change in the Companys sole discretion, consistent with applicable law. This job posting should not be construed as an offer of employment with certain terms nor should it be construed as a guaranteed minimum. Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance and the California Fair Chance Act or for Canadian applicants in accordance with provincial human rights legislation.